  • 1.  Blocked IP on NSM console

    Posted 06-09-2008 09:22

    My IP has been locked from the NSM 2007.2 console and now I am unable to unblock it. I see that it has been blocked when looking in /usr/netscreen/GuiSvr/car/xdb/data/BlockedIPList, but I do not see how to change it to unblock. Any help with unblocking the IP will be helpful?



  • 2.  RE: Blocked IP on NSM console

    Posted 06-09-2008 10:20

    Hi Ironman,

     

    If you are able to access the NSM server using the GUI from another system, then you can remove the IP block by using

    Tools --> managed blocked hosts.

     

    There you can remove the ip block.

     

    Kind regards

     

    Colin

     



  • 3.  RE: Blocked IP on NSM console

    Posted 06-09-2008 10:29
    Unfortunately that option is not available to me. This happens when trying to log into my Central Manager running NSM 2007.2r2. On the regional servers I can use the tools->block Host option, but this option does not appear in Central Manager.


  • 4.  RE: Blocked IP on NSM console
    Best Answer

    Posted 06-09-2008 10:45

    Hi Ironman,

     

    o.k.

     

    you'll need to go to /usr/netscreen/GuiSvr/utils

    run .xdbViewEdit.sh

     

    you'll be prompted to open in read only mode

    you need to edit, so select no.

     

    Then from the menu

     

        1. Display all domains with domain-id
        2. Display all category names
        3. Display tuples in a category across all domains
        4. Display tuples in a category for a single domain
        5. View/Edit record by category.doc-id
        6. View/Edit record by domain-id.category.tuple-name
        7. View/Edit record by domain-id.category.tuple-id
        8. View Reference DB
        9. Change DB version (Disabled in RW mode)
        10. Insert a record by domain-id.category
        11. Delete a record by domain-id.category.tuple-id
        12. Quit

        Enter choice number: 4

    Enter domain and category name in domain-id.category format: 0.blockedIPList

     

    You should get something like

     


    Tuples for category blockedIPList
    domain-id       object-id
    _________       _________
            0               0
    ("192.168.20.1")

    (END)

     

    so my blocked ip is listed above, to remove it

     

    <esc> : q to get back to the menu

     

    then from the menu

     

        11. Delete a record by domain-id.category.tuple-id
        12. Quit

        Enter choice number: 11

    Enter tuple-name in format domain-id.category.tuple-id: 0.blockedIPList.0

    Deleted tuple 0.blockedIPList.0
    Hit ENTER or return to continue...




    (my entry was 0 0 for domain and object id)

     

    now 12 to exit

     

    and it should now be unlocked for your ip again.

     

    If there are multiple IPs then take the object id next to the IP you need to unblock.

     

    Kind regards

     

    Colin

     

     

     

     

     

     



  • 5.  RE: Blocked IP on NSM console

    Posted 06-09-2008 11:01

    Thanks Colin, I had a feeling I would have to go into the database to make this work. However, I have a few questions:

    1) This is set up as HA, so will this cause a failover? If so, what is the best way to go about making this change?

    2) Is there a script that I can create or a command that I can run instead of doing the procedure each time an IP is blocked? If so, can you kindly provide the info to do so.

     

    Thank you for your help with this

     



  • 6.  RE: Blocked IP on NSM console

    Posted 06-09-2008 11:07

    Hi Ironman,

     

    1) If you are in HA, you would be best to stop HA on the backup, then stop HA on the primary before running through this procedure.

     Your DB will sync across to the backup device. Unfortunately I think you'll need to run through this. I haven't tried manipulating files individually, but even if you did, you'd need to get the data loaded back into xdb, which would require a restart. I would use .xdbViewEdit.sh. Alternatively, if you can temporarily change your source IP for the guiClient, you can do this as described in my first response.

     

    2) Again, it would be best to use a secondary workstation with a different source IP to do this. The reason for this is, you cannot be sure what the object id will be every time; it depends on whether there are multiple IPs blocked.

     

    Hope it helps

     

    Kind regards

     

    Colin


    #blockedIP
    #ip
    #blocked
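
Added example (not part of the thread and not Juniper code): a helper that takes the saved text of the menu option 4 listing and returns the tuple name to enter at option 11 for one IP, matching the address exactly so that 192.168.20.1 is not confused with 192.168.20.10. The function name, the sample listing, and the layout assumed for several blocked IPs (each entry repeating the id row and `("ip")` row shown above) are constructed assumptions.

```shell
#!/bin/sh
# Map a blocked IP to the domain-id.category.tuple-id string that
# xdbViewEdit.sh menu option 11 asks for.
# Input on stdin: the option-4 listing for 0.blockedIPList, saved by hand.
# ASSUMPTION: with several blocked IPs, each entry repeats the two-line
# shape shown in the thread: an id row, then a ("ip") row.

blocked_tuple_name() {
    target=$1
    awk -v target="$target" '
        # id row: two integers, domain-id then object-id
        /^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]*$/ { dom = $1; obj = $2; have = 1; next }
        # value row: ("a.b.c.d") belonging to the id row just before it
        have && /^[ \t]*\("[^"]*"\)[ \t]*$/ {
            ip = $0
            sub(/^[ \t]*\("/, "", ip)
            sub(/"\)[ \t]*$/, "", ip)
            # force a string comparison so the whole address must match
            if ((ip "") == (target "")) {
                print dom ".blockedIPList." obj
                found = 1
            }
            have = 0
        }
        # non-zero exit status when the IP is not in the listing
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample listing (not real output): three blocked addresses.
SAMPLE_LISTING='Tuples for category blockedIPList
domain-id       object-id
_________       _________
        0               0
("192.168.20.10")
        0               1
("10.0.0.5")
        0               2
("192.168.20.1")

(END)'

# Prints the string to type at the option 11 prompt for this address.
printf '%s\n' "$SAMPLE_LISTING" | blocked_tuple_name 192.168.20.1
```

Because the object id depends on what else is blocked at the time, take a fresh listing before each deletion rather than reusing an earlier result.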


  • 7.  RE: Blocked IP on NSM console

    Posted 06-09-2008 11:53
    Worked perfectly, thank you for your help


  • 8.  RE: Blocked IP on NSM console

    Posted 12-09-2013 02:50

    Accepted Solution.

     

    Thanks for this valuable



    reference



  • 9.  RE: Blocked IP on NSM console

    Posted 12-01-2008 10:54
    If you want to see those options from the GUI, make sure that your user ID in NSM is in the predefined 'System Administrator' group and then you will see additional options under tools to unblock the IP.